We are presently running FWSM 2.3(3)6 and are upgrading to the 3.2 code train. My question is if we are presently running NAT exemption with plans of implementing no nat control post upgrade, are there any caveats/implications to doing so. Will typing "no nat control" post upgrade wipeout any nat commands from the configuration and is it that simple???
If you disable NAT control (no nat-control) then you can remove the outside NAT exemption command. By default, the FWSM creates NAT sessions for all connections even if you do not use NAT. For example, a session is created for each untranslated connection even if you do not enable NAT control, you use NAT exemption or identity NAT, or you use same security interfaces and do not configure NAT.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...